Privacy Policy of mibeTec GmbH
Data protection – herpotherm® EN
DATA PROTECTION STATEMENT
1 Privacy policy of MibeTec
We, the operators of the website www.herpotherm.com, take the protection of your personal data very seriously and strictly observe data protection standards—the (EU) General Data Protection Regulation (GDPR), the (German) Federal Data Protection Act (BDSG), the (German) Telemedia Act (TMG) and other legal provisions. The object of data protection is personal data. This is all information that relates to an identified or identifiable natural person. It includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data such as your IP address.
In the following, we wish to inform you about how we handle your personal data.
1.1 Controller and data protection officer
The website www.herpotherm.com is an offering of MibeTec (“Operator” herein). MibeTec is therefore the controller in terms of Art. 5 (2) GDPR.
You can reach our data protection officer at the address mentioned in the site notice.
1.2 Purposes and scope of data processing when visiting the website
Upon each access by a user to a page of our website and upon each retrieval of a file, access data concerning this process is stored in a log file on our server.
Each dataset is comprised of:
- the page from which the file was requested (referrer URL)
- the name of the file
- the date and time of the request (“time stamp”)
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- the access method used (get, head, post) and violations of it (trace, flurp, etc.)
- encryption algorithm used (TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3) and cipher suite
- violations of HPKP
- HTTP protocol used (HTTP1.0, HTTP1.1, HTTP2.0) and violations of the RFC definition of the protocol
- transmission compression used (gzip, deflate, brotli)
- browser cache status during recurring visit
- server cache responses and changes
- violations of CSP (content security policy)
- violations of distributed denial-of-service (DDOS)
- violations of access restrictions of server directories
We store IP addresses for a maximum period of 180 days in server log files (depending on the log file created).
Further use or transmission of this data happens only with the developer of the website in the event of an error. The analysis acts as function testing of the web server or the website.
The storage occurs for reasons of data security in order to guarantee the stability and reliability of our website. The legal basis for this is Art. 6 (1) (b) GDPR.
We do not, in principle, share your data with third parties unless you have consented to it. For certain areas, however—e. g., for the hosting of our website—we rely on the use of service providers, whom we normally obligate to compliance with the statutory provisions in the course of processing.
1.3 Collection, use and sharing of personal data
Personal data is stored only when you voluntarily provide it to us—for example, when you register on the website, order informational material or subscribe to the newsletter. We use your personal data exclusively for purposes of the technical administration of our websites, in order to give you access to specific information, and for miscellaneous communication with you. We take precautions to protect your personal data against loss, destruction, corruption, manipulation and unauthorized access. Of course, the provisions of data protection law are observed in the process. We reserve the right in exceptional cases—for example, in case of queries on the products bite away® and HERPOtherm®—to share your personal data with the currently notified and responsible manufacturer. Our employees are obligated to confidentiality. If data is shared with service providers in the course of processing, they are likewise obligated to confidentiality and bound to follow the data protection laws, other legal provisions and this privacy policy.
1.4 External links
This website may contain links to external websites to which this privacy policy does not extend. The operator of the website mediates access for the use of these external websites, but is not responsible for their content because it does not prompt the transmission of the information, does not select the readers of the transmitted information, nor has it selected, modified or cached the transmitted information. When you leave the website, it is recommended that you carefully read the privacy policy of every other website.
2 Data collection and processing
2.1 Collection and processing during use of the contact form
During use of the contact form, we collect your personal data (name, e-mail address, telephone number, message text, address) only to the extent you provide it. The processing serves the purpose of making contact. The processing occurs on the basis of Art. 6 (1) (b) GDPR.
We use your personal data only for processing your query. Your data is deleted as soon as it is no longer required for achieving the purpose of its collection. This is normally the case when it can be understood from the circumstances that the issue at hand has been finally clarified.
2.2 Contact by e-mail
If you establish contact with us by e-mail, we only use your personal data (name, e-mail address, message text) to make contact with you. The processing occurs on the basis of Art. 6 (1) (b) GDPR. We use your e-mail address only for processing your query. Your data is deleted as soon as it is no longer required for achieving the purpose of its collection. This is normally the case when it can be understood from the circumstances that the issue at hand has been finally clarified.
2.3 Newsletter transmission
Should the occasion arise, newsletters with general and product information may be subscribed to on our website if you have expressly consented. The processing occurs on the basis of Art. 6 (1) (b) GDPR with your consent. In the course of registration for the newsletter, data from the input screen is transmitted to us. Entering an e-mail address is sufficient for receiving the newsletter. Your consent occurs within the scope of a so-called double opt-in. Moreover, in this connection, the IP address of the retrieving computer as well as the date and time of the registration are logged as documentation of your consent. You have the option to revoke your consent with future effect and to unsubscribe from our newsletters at any time, such as through the unsubscribe option provided in the newsletter.
3 Cookies
Our website uses cookies. Cookies are small text files that are stored in the web browser or by the web browser on the computer system of a user. When a user retrieves a website, a cookie can be stored on the operating system of the user. In the case of a log-in, this cookie contains a string of characters that guarantees clear identification of the browser for the duration of the log-in. Normally, cookies are used to administer metadata of the website and contain no personal data.
We use cookies for the purpose of making our website more user-friendly, effective and safe. Some functions of our website cannot be offered without the use of cookies. The processing occurs on the basis of Art. 6 (1) (f) GDPR and arises from the legitimate interest in the aforementioned purposes.
Through technical precautions, the data collected from you in this manner is pseudonymized. It is therefore no longer possible for us as the website operator to associate the data with you as a person. The data is not stored together with other personal data of yours that we have collected.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By choosing appropriate technical settings in your web browser, you can prevent the storage of cookies and transmission of the data received. Already stored cookies can be deleted at any time. We would point out, however, that in such case you may be unable to use all functions of this website to the full extent. At the following links, you can learn how you can administer (including deactivate) cookies in the principal browsers: Chrome, Internet Explorer, Firefox, Safari.
4 Use of Google products
4.1 Use of Google Analytics
We use Google Analytics to analyze website usage. The data that is acquired in this way is used to optimize our website and advertising efforts.
Google Analytics is a web analysis service that is operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google processes the data on website usage for us and contractually undertakes to take measures to ensure the confidentiality of the processed data.
The following and other data is recorded during your website visit:
- pages retrieved
- your behavior on the pages (such as clicks, scrolling behavior and length of stay)
- your approximate location (country and city)
- your IP address (in truncated form, so that no clear association is possible)
- technical information, such as browser, Internet provider, terminal and screen resolution
- source of your visit (i.e., through which website or advertising medium you have come to us)
This data is transmitted to a server of Google in the United States. For this, Google adheres to the data protection provisions of the “EU-US Privacy Shield” agreement. Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies include a randomly generated user ID, with which you can be recognized during future website visits. The recorded data is stored together with the randomly generated user ID, which facilitates the analysis of pseudonymous user profiles. This user-related data is automatically deleted after fourteen months. Other data remains stored indefinitely in aggregated form. If you should not agree with the collection, you can prevent this with the one-time installation of the browser add-ons for the deactivation of Google Analytics.
4.2 Google Adwords Remarketing / Google Tag Manager
We use Google Remarketing tags. These are services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google” herein). Google uses cookies that are stored on your computer and facilitate an analysis of your usage of the website. Information generated by cookies about your use of this website (including your IP address) is transmitted to a Google server in the United States and stored there. Google then truncates the IP address by the last three digits, therefore making a clear association of the IP address no longer possible. Google will use this information to analyze your use of the website, to compile reports about website activities for the website operators and to perform other services associated with website and Internet usage. Google will also transmit this information to third parties as appropriate if required by law or if Google commissions third parties to process this data. Third-party providers, including Google, place ads in websites on the Internet. Third-party providers, including Google, use stored cookies to place ads based on a user’s previous visits to this website. In no event will Google associate your IP address with other data of Google. The collection and storage of data can be objected to at any time with future effect. You can deactivate Google's use of cookies by calling up the site for deactivating Google advertising. We would point out, however, that in this case, you may not be able to use all functions of this website to the full extent.
By using this website, you declare your agreement with the processing of the data collected about you by Google in the manner described above and for the aforementioned purpose. The collection and storage of data can be objected to at any time with future effect. You can find further information on Google's policies here.
Our website uses Google Tag Manager for purposes of personalized, interest- and location-based online advertising. Google Tag Manager regulates the option to anonymize IP addresses through an internal setting which is not visible in the source of this page. This internal setting is set in a manner that achieves the required anonymization of the IP addresses.
You can prevent interest-based advertising through the installation of this browser plug-in.
4.3 Google Adwords Conversion Tracking
This website also uses Google Conversion Tracking. In the process, Google AdWords sets a cookie on your computer if you have reached our website through a Google ad. These cookies lose their validity after thirty days and do not serve for personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was forwarded to this page. Each AdWords customer receives a different cookie. Cookies therefore cannot be tracked through the websites of AdWords customers. Information obtained by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking.
AdWords customers learn the total number of users who have clicked on their ad and were forwarded to a page furnished with a conversion tracking tag. However, you receive no information with which you can personally identify the users. If you do not wish to participate in the tracking process, you can also refuse a required cookie to be set for this—for instance, through a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies are blocked from the domain “www.ads.google.com”. You can find Google’s privacy notice on conversion tracking here.
4.4 Web fonts
For a uniform presentation of typefaces, this site uses so-called web fonts supplied by Google. Google fonts are installed locally on our server. This does not create a link with the servers of Google.
4.5 YouTube
This website may include at least one plug-in from YouTube, which is owned by Google, Inc. and domiciled in San Bruno, California, USA. The moment you visit pages of our website that are equipped with a YouTube plug-in, a connection to the servers of YouTube is established. The YouTube server is thereby notified about which specific page of our website you visited. If, in addition, you are logged into your YouTube account, you would enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this possibility of association if you log out of your account in advance. You can obtain further information on the collection and use of your data by YouTube in the discussion of data privacy at www.youtube.com.
5 Facebook
5.1 Social plug-in
This website uses social plug-ins (“plug-ins”) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Plug-ins can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are denoted with the suffix “Facebook Social Plugin”. The list and the appearance of the Facebook social plug-ins can be examined here.
When a user accesses a page of this website which contains such a plug-in, his browser establishes a direct link with the servers of Facebook. The content of the plug-in is transmitted by Facebook directly to your browser and integrated by it into the website. The provider therefore has no influence on the scope of the data which Facebook collects by means of this plug-in and therefore informs the users consistent with the state of its knowledge.
By including the plug-in, Facebook obtains the information that a user has accessed the corresponding page of the website. If the user is logged in at Facebook, Facebook can associate the visit with the user's Facebook account. When users interact with the plug-ins—for example, by pressing the “like” button or submitting a comment—the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, the possibility still exists that Facebook will find out and store his IP address. According to Facebook, only anonymized IP addresses are stored in Germany.
Users can find the purpose and scope of the collection of data and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the user's privacy in the Data Policy of Facebook.
If a user is a member of Facebook and does not want Facebook to collect data about him through this website and link it with his member data stored at Facebook, he must log off from Facebook before visiting the website.
5.2 Facebook Website Custom Audiences
Within our website, we use the “Website Custom Audience” pixel of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Doing so integrates so-called web bugs into our pages. When you visit our pages, a direct connection is established between your browser and the Facebook server through the web bug. Among other things, Facebook thereby receives the information from your browser that our page was accessed by your terminal. As a result of this, if you are a Facebook user, Facebook can associate the visit to our pages with your user account. We point out that, as the provider of the pages, we do not receive any knowledge of the content of the transmitted data or its use by Facebook. We can only choose which segments of Facebook users (such as age and interests) are to be shown our advertising. For this, we use one of two functions of Custom Audiences in which no datasets—particularly no e-mail addresses of our users, either encrypted or unencrypted—are transmitted to Facebook. You can find further information on this in the Facebook Privacy Policy.
If you wish to object to the use of Facebook Website Custom Audiences, you can do this here.
5.3 Conversion tracking with the Conversion Pixel of Facebook
We utilize the Conversion Pixel or Tracking Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this Pixel from your browser, Facebook can subsequently recognize whether a Facebook ad was successful—in other words, resulted in an online transaction, for example. To this end, we receive exclusively statistical data from Facebook without a reference to a specific person. This enables us to track the effectiveness of Facebook ads for statistical and marketing research purposes. If you are signed in at Facebook, we also expressly refer to its Data Policy.
If you wish to revoke your consent to Conversion Pixel, please go to www.facebook.com/settings?tab=ads.
6 Twitter
This website uses the buttons of the service Twitter. These buttons are offered through Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as “Twitter” or “Follow” combined with a stylized blue bird. With the aid of the buttons it is possible to share an article or page from this website with Twitter or to follow the provider at Twitter.
When a user accesses a page of this website which contains such a button, his browser establishes a direct link with the servers of Twitter. Twitter transmits the content of the Twitter buttons directly to the browser of the user. The provider therefore has no influence on the scope of the data which Twitter collects by means of this plug-in and informs the user consistent with the state of its knowledge. To the understanding of the provider, when the button is pressed, only the IP address of the user is transmitted along with the URL of the respective website, but it is not used for purposes other than to display the button.
Further information on this can be found in the privacy policy of Twitter at http://twitter.com/privacy.
7 Protection of minors
The consent for the processing of personal data can only be given by a person of legal age. For services of MibeTec, the consent of a child who is at least sixteen years old is lawful pursuant to Art. 8 GDPR.
8 Amendments to our privacy policy
To ensure that our privacy policy is always consistent with current legal standards we reserve the right to make changes at any time. This also applies when the privacy policy must be conformed based on new or revised deliverables, such as new services. In such case, the new privacy policy will take effect on your next visit to our website.
9 Rights of the data subject
Each data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR, unless contrary to law (particularly under Art. 15, 17 GDPR, §§ 34 and 35 BDSG).
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1)(e) GDPR (data processing in the public interest) and Article 6 (1)(f) GDPR (data processing based on a weighing of interests). |
A writing sent by conventional mail or by e-mail to the following address is sufficient to exercise your rights: Datenschutz.MibeTec@dermapharm.com.
10 Data transmission to third countries
No data is transmitted to locations outside the European Union (so-called third countries) (please note: be mindful of the information on this under paragraphs 4-6).
11 Use of automated decision-making or profiling
In principle, we use no fully automated decision-making or profiling pursuant to Article 22 GDPR. If we should employ these procedures in individual cases, we will inform you separately of this if this is required by law. (Please note: be mindful of the information on this under paragraphs 4-6).
Status of the privacy policy
This privacy policy is currently in force and is the October 2018 version.